DETAILED ACTION



Claims 1-12 are pending. 



Claim Rejections - 35 USC §102 



2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on
sale in this country, more than one year prior to the date of application for patent in the United States.

Claims 1-12 are rejected under 35 U.S.C. 102(b) as being anticipated by "Understanding LDAP" 
by the International Technical Support Organization. 

In reference to claim 1:

"Understanding LDAP" discloses an apparatus comprising: 

• At least one processor 

• A memory coupled to the at least one processor (Page 5, paragraph 2) Where a processor 
and memory coupled to at least one processor is understood to be a part of the computer 
system in both the client and server. (Page 5, Figure 1) 

• A directory service server that accesses a directory that has a plurality of 
entries (understood to be a part of LDAP), the plurality of entries including at least one
proxy entry that contains security information for a corresponding protected resource, the
directory service server including authentication and authorization functions that
determine whether a selected one of the plurality of entries may be accessed, where the
object has an access control list, and access is determined through this access control list.
(Page 7, Section 1.1.4, Directory Security) & (Page 8, paragraph 1) 

• A plurality of protected resources that are not stored within the directory, where the 
resources may not be stored within the directory because the directory itself can be 
decentralized or distributed, (Page 6, paragraphs 5-6) 

• An application residing in the memory and executed by the at least one processor, the 
application including a logical mapping that correlates each protected resource with a 
corresponding proxy entry, the application determining whether the application is 
authorized to access a selected protected resource by invoking the authentication and 
authorization functions in the directory service server to determine whether the proxy 
entry corresponding to the selected resource may be accessed, and if so, the application
accesses the selected protected resource, where the logical mappings that correlates with 
the protected resources are LDAP entries, the application determining whether the 
application is authorized to access the resource is the software necessary in an LDAP 
server, and where the information is determined through an ACL. (Page 8, paragraph 1) 

In reference to claim 2: 

"Understanding LDAP" discloses the apparatus of claim 1 wherein the directory service server is a
Lightweight Directory Access Protocol (LDAP) server, and wherein the directory is an LDAP 
directory. 

In reference to claim 3:

"Understanding LDAP" (Page 7, Section 1.1.4, Directory Security) - (Page 8, paragraph 1)
discloses the apparatus of claim 1 wherein the application does not access the selected protected 
resource if the proxy entry corresponding to the selected resource cannot be accessed, where the 
resource cannot be accessed if the access right for that object in the directory is not granted. 

In reference to claim 4: 

"Understanding LDAP" (Page 7, Section 1.1.4, Directory Security) - (Page 8, paragraph 1)
discloses a method for a directory service that contains a proxy entry corresponding to an 
external protected resource to provide authentication and authorization functions to a software 
application, where the directory service is LDAP which contains proxy entries corresponding to 
file resources which correspond to respective ACLs which, with the LDAP server software allow 
for authentication and authorization functions, the method comprising the steps of 
• When the software application needs to access the external protected resource, 
performing the steps of 

o Identifying a proxy entry that corresponds to the external protected resource, 
where the objects are listed as LDAP entries such as that shown in (Page 18, 
Figure 5) 

o The software application requesting from the directory service access to the proxy
entry that corresponds to the external protected resource, where the application is 
the client software necessary to allow the user to browse LDAP directories such 
as that listed on (Page 18, Figure 5) 
o If the directory service grants access to the proxy entry that corresponds to the
external protected resource, the application accesses the external protected
resource, where the entries requested are then accessed if permission is granted. 
(Page 4, Section 1.1.2 "Directory Clients and Servers") 

In reference to claim 5: 

"Understanding LDAP" (Page 7, Section 1.1.4, Directory Security) - (Page 8, paragraph 1) 
discloses the method of claim 4 further comprising the steps of: 

If the directory service denies access to the proxy entry that corresponds to the external protected 
resource, the application does not access the protected resource, where the resource cannot be 
accessed if the access right for that object in the directory is not granted. 

In reference to claim 6: 

"Understanding LDAP" (Page 7, Section 1.1.4, Directory Security) - (Page 8, paragraph 1)
discloses a method for a directory service to provide authentication and authorization functions
to a software application, the method comprising steps of

• Determining which of a plurality of resources require protection, where determining 
which of a plurality of resources requires is determined by attaching an ACL to each 
object. An object without an ACL for example, could be assumed to be accessible to 
anyone. 

• Creating a proxy entry in the directory service for each protected resource, where the
proxy entry is a representation on the interface of the client software, of a resource on the 
server or a distributed system accessible by the server. (Page 18, Figure 5) 

• Generating a logical mapping that correlates each protected resource to its corresponding 
proxy entry, where a mapping is logically generated on the client interface in which the 
resource is not on the client system itself, but another system. (Page 18, Figure 5)

• When the software application needs to access a selected protected resource, performing
the steps of 

o Using the logical mapping to identify a proxy entry that corresponds to the 
selected protected resource, where the logical mapping is from the directory 
entries on the client side to the resources on the server. (Page 6-7, Section 1.1.3
"Distributed Directories") 

o The software application requesting from the directory service access to the
identified proxy entry, where the software is both the LDAP client and server. 

o If the directory service grants access to the identified proxy entry, the application 
accesses the selected protected resource, where the LDAP server must verify the 
user against the details in the ACL for the resource before granting access. (Page 
7, Section 1.1.4, Directory Security) - (Page 8, paragraph 1) 



In reference to claim 7: 

"Understanding LDAP" (Page 7, Section 1.1.4, Directory Security) - (Page 8, paragraph 1)
discloses the method of claim 6 further comprising the step of

If the directory service denies access to the proxy entry that corresponds to the selected protected
resource, the application does not access the selected protected resource, where the resource
cannot be accessed if the access right for that object in the directory is not granted

In reference to claim 8: 

"Understanding LDAP" (Page 5, Figure 1) & (Page 18, Figure 5) discloses the program product 
comprising: 

• A software application that uses a logical mapping that correlates a plurality of protected 
resources that are not stored or contained within the directory with corresponding proxy 
entries in a directory service that is managed by a directory service server (LDAP server),
the application determining whether the application is authorized to access a selected
protected resource by invoking authentication and authorization functions in the directory
service server to determine whether the proxy entry corresponding to the selected
resource may be accessed, and if so, the application accesses the selected protected
resource, 

where a resource is logically mapped from the proxy in the client side representation of
the server side resource, and is only accessed if a user is authenticated and authorized
according to the permissions to the resource given in its ACL. (Page 7, Section 1.1.4
Directory Security, paragraph 3) - (Page 8, 1st paragraph)

• Computer-readable signal bearing media bearing the software application, where the
signal bearing media bearing the software application is contained in the memory of the
client and server, as well the hard drives, and the possible transmission media in the
communications between the client and the server. 



In reference to claim 9: 

"Understanding LDAP" discloses the program product of claim 8 wherein the signal bearing 
media comprises recordable media, where it is understood that signal bearing media may 
comprise recordable media such as hard disk drives, CD-R, floppy disks, or other magnetic 
media, all necessary in bearing the data signals when the data is accessed from the media. 

In reference to claim 10: 

"Understanding LDAP" discloses the program product of claim 8 wherein the signal bearing 
media comprises transmission media, where it is understood that in order for data to be 
transmitted from the client to the server, that some transmission media is needed and used. 

In reference to claim 11:

"Understanding LDAP" discloses the program product of claim 8 wherein the directory service 
server is a Lightweight Directory Access Protocol (LDAP) server, and wherein the directory is 
an LDAP directory. 



In reference to claim 12: 

"Understanding LDAP" discloses the program product of claim 8 wherein the application does
not access the selected protected resource if the proxy entry corresponding to the selected 
resource cannot be accessed. 

(Page 7, Section 1.1.4 Directory Security, paragraph 3) - (Page 8, 1st paragraph)



Conclusion 

3. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Thomas M Ho whose telephone number is (703)305-8029. The 
examiner can normally be reached on M-F from 8:30am - 5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory A. Morse can be reached at (703)308-4789. The fax phone numbers for the 
organization where this application or proceeding is assigned are (703)746-7239 for regular 
communications and (703)746-7238 for After Final communications. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (703)306-5484. 